An IP Multimedia Subsystem (hereinafter IMS) enables an operator of a Public Land Mobile Network (hereinafter PLMN) to offer its subscribers multimedia services based on and built upon Internet applications, services and protocols. These multimedia services are typically accessed via IMS applications.
A complete solution for the support of IMS applications, in accordance with 3rd Generation Partnership Project (hereinafter 3GPP) IMS-related technical specifications, includes terminals for the subscribers or users of the IMS, one or more IP-Connectivity Access Networks (hereinafter IP-CAN), and specific functional elements of the IMS as described in 3GPP TS 23.228: “IP Multimedia Subsystem; Stage 2”. An exemplary IP-CAN may be a GPRS core network with GERAN and/or UTRAN radio access networks. The ongoing 3GPP Release 8 also covers a so-called System Architecture Evolution (hereinafter SAE) network as a new type of IP-CAN, in accordance with 3GPP TS 23.401.
Different services and applications can be offered on top of IMS. The IMS allows deployment of peer-to-peer applications such as Multimedia Telephony, Push-to-Talk over Cellular, real-time video sharing, etc., for which the transport connections are dynamically negotiated by a protocol exchange between two end-points. Such a protocol exchange is conventionally carried out by coupled protocols such as the Session Initiation Protocol (hereinafter SIP) and the Session Description Protocol (hereinafter SDP), namely a SIP/SDP protocol exchange.
In order to provide a satisfactory and reliable service experience, operators need to take special care of the quality, effective charging and potential fraud in the use of services and IMS applications. To this end, a Policy and Charging Control (hereinafter PCC) architecture is provided, as disclosed in 3GPP TS 23.203, to help operators control the above issues. Thus, the PCC architecture cooperates with the IMS, as well as with any access network, whether a fixed or a mobile access network, in order to provide selective control of IP flows, such as Quality of Service (hereinafter QoS), firewall, multiplexing, etc., as well as selective handling of the negotiated IP flows.
This PCC architecture generally includes an Application Function (hereinafter AF) offering applications that require policy and charging control of resources in the bearer plane and whose service characteristics are negotiated in the signalling plane; a Policy and Charging Enforcement Function (hereinafter PCEF) providing service data flow detection, charging and policing enforcement over the traffic in the bearer plane, through which the service is actually provided; and a Policy and Charging Rules Function (hereinafter PCRF) providing control functions and installing rules at the PCEF to ensure that only authorized media flows are allowed and that they receive the right QoS through the right bearer.
On the other hand, regarding the authentication methods and establishment of shared keys, also known as “authentication and key agreement” (hereinafter AKA), that the different networks may apply, a variety of distinguishable families co-exist nowadays. In this respect, current authentication and key agreement mechanisms used for 2nd and 3rd generation networks (generally known and hereinafter abbreviated as 2G and 3G networks respectively), as well as those used for IMS networks, are based on the AKA framework described in 3GPP TS 33.102, whereas the so-called Extensible Authentication Protocol (hereinafter EAP), specified under the IETF, stipulates the AKA mechanisms for non-3GPP access networks to 3G systems. For instance, UMTS-AKA is the authentication and key agreement mechanism used in 3G networks, EAP-AKA is the authentication and key agreement mechanism used in an IWLAN (also known by the telecommunication community as “Inter-working Wireless Land Access Network”, “Industrial Wireless Land Access Network”, or “Intelligent Wireless Land Access Network”), and IMS-AKA is the authentication and key agreement mechanism used in the application layer of an IMS network.
As new scenarios come into place, where different business operators are present and networks evolve towards fixed-mobile convergent networks, it is expected that security needs may vary depending on the kind of network, user, service and application involved. For the sake of simplicity, user and user equipment may be hereinafter abbreviated as UE.
This is apparent when considering that, due to Evolved Packet Core networks, also known as System Architecture Evolution (hereinafter SAE), users will be enabled to move and roam between different Packet Switching (hereinafter PS) access networks whilst consuming a given service. Thus, the currently developed SAE telecom networks provide means for a UE to seamlessly change between heterogeneous access technologies, such as roaming between 3GPP and non-3GPP accesses. However, such access to a large variety of networks, whilst maintaining data connectivity, has not yet taken into account the security implications of interconnecting networks with varying security strength and diverse authentication technologies. In this respect, the authentication methods used in 2G/3G/IMS networks, for example, are decided in a static way and not based on any dynamic information obtainable in real time.
In particular, an EAP authentication method has the possibility to issue a specific authentication request based on an assumed authentication method supported in the UE. This assumption needs to be based on a received EAP identity, whereby an authentication server might choose to go for an EAP AKA request, or for another method such as, for example, the so-called EAP MD5. However, EAP does not consider user status data such as consumed services, requested Packet Data Network (hereinafter PDN), available QoS, etc. Generally speaking, there is nowadays no influence of dynamic data on the authentication method applied to the user.
There are, however, quite a few reasons why dynamic data may affect the security of evolving networks.
For instance, a user may be found to suspiciously access a certain service for quite a long time. This situation may be determined where the operator has set a threshold maximum time value “T-max” per service usage and the user accesses a service during a time “T-usage”, so that if T-usage > T-max the operator may suspect that the original UE has been impersonated by means of, for example, a Man-In-the-Middle (hereinafter MIM) attack, terminal hijacking, etc. Currently, the operator can only re-issue the standardised authentication procedure and cannot determine whether it is the same original user or an impersonating user.
Also for instance, a user may be found to attempt to access a suspiciously large number of IP-CAN sessions. This situation may be determined where an operator decides a maximum number of IP-CAN sessions to be established by the user, namely a maximum number of home-IP addresses assigned, and the user reaches or attempts to exceed this maximum number. In this situation, the operator might not be able to verify whether the user is performing some type of attack, like eavesdropping, fraudulent sharing of user credentials, or others, so that multiple users access data services via one subscription.
Other situations suggesting that network security may be compromised, alone or in combination, might be where a user accesses too many services within the same IP-CAN session, where a user uses the maximum bandwidth allowed to the user as part of his subscription, where a user is trying to initiate more bearers than allowed, or where a user changes access technology very frequently while roaming, such as between 3GPP access and Worldwide Interoperability for Microwave Access (hereinafter Wimax).
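The indicators named above (T-usage versus T-max per service, the number of IP-CAN sessions, services per session, bandwidth at the subscribed limit, bearer count and access-technology churn) lend themselves to a single evaluation step on the operator side. The following is an added illustration, not code from the patent or from any 3GPP specification: the threshold values, the field names, the decision policy in `decide` and the sample user status are all constructed for the example, and the mapping from findings to an action (proceed, re-authenticate, or re-authenticate while holding new resource requests) is an assumption rather than a standardised behaviour.

```python
from dataclasses import dataclass
from typing import Dict, List, Tuple


# Hypothetical operator thresholds for the indicators discussed in the text.
# The values are constructed for this example; they are not from any specification.
@dataclass(frozen=True)
class Thresholds:
    t_max_per_service: Dict[str, int]     # service -> T-max in seconds
    max_ipcan_sessions: int               # maximum home-IP addresses per user
    max_services_per_session: int         # services allowed within one IP-CAN session
    max_bandwidth_kbps: int               # subscribed bandwidth
    max_bearers: int                      # bearers the user may initiate
    max_access_changes: int               # access-technology changes per window


# Dynamic user status data as a PCRF might observe it (constructed sample shape).
@dataclass
class UserStatus:
    subscriber: str
    service_usage: Dict[str, int]         # service -> T-usage in seconds
    ipcan_sessions: int                   # home-IP addresses currently assigned
    services_per_session: Dict[str, int]  # IP-CAN session id -> active services
    bandwidth_kbps: int                   # current throughput
    bearers: int                          # bearers currently initiated
    access_sequence: List[str]            # access types seen in the window, in order


def count_access_changes(seq: List[str]) -> int:
    """Number of transitions between different access technologies in the window."""
    return sum(1 for a, b in zip(seq, seq[1:]) if a != b)


def evaluate_indicators(status: UserStatus, th: Thresholds) -> List[Tuple[str, str]]:
    """Return (indicator, detail) pairs for every suspicious condition that is met."""
    findings: List[Tuple[str, str]] = []
    for service, t_usage in status.service_usage.items():
        t_max = th.t_max_per_service.get(service)
        if t_max is not None and t_usage > t_max:          # T-usage > T-max
            findings.append(("service_overtime", f"{service}: T-usage {t_usage}s > T-max {t_max}s"))
    if status.ipcan_sessions >= th.max_ipcan_sessions:     # reaching the session cap
        findings.append(("ipcan_sessions", f"{status.ipcan_sessions} sessions, limit {th.max_ipcan_sessions}"))
    for sid, n in status.services_per_session.items():
        if n > th.max_services_per_session:
            findings.append(("services_per_session", f"session {sid}: {n} services > {th.max_services_per_session}"))
    if status.bandwidth_kbps >= th.max_bandwidth_kbps:     # at the subscribed maximum
        findings.append(("bandwidth_at_limit", f"{status.bandwidth_kbps} kbps of {th.max_bandwidth_kbps} kbps"))
    if status.bearers > th.max_bearers:
        findings.append(("bearers", f"{status.bearers} bearers > {th.max_bearers}"))
    changes = count_access_changes(status.access_sequence)
    if changes > th.max_access_changes:                    # e.g. 3GPP <-> WiMAX churn
        findings.append(("access_churn", f"{changes} access changes > {th.max_access_changes}"))
    return findings


def decide(findings: List[Tuple[str, str]]) -> str:
    """Hypothetical decision policy (an assumption of this example): no finding means
    proceed; one finding triggers re-authentication; two or more re-authenticate and
    hold new resource requests until the result is known."""
    if not findings:
        return "proceed"
    if len(findings) == 1:
        return "reauthenticate"
    return "reauthenticate_and_hold"


# Constructed sample: a user over T-max on one service, at the IP-CAN session
# limit, and alternating between 3GPP and WiMAX access within the window.
SAMPLE_THRESHOLDS = Thresholds(
    t_max_per_service={"video_share": 3600, "ptt": 7200},
    max_ipcan_sessions=3,
    max_services_per_session=5,
    max_bandwidth_kbps=2000,
    max_bearers=4,
    max_access_changes=3,
)
SAMPLE_STATUS = UserStatus(
    subscriber="example-subscriber",
    service_usage={"video_share": 5400, "ptt": 600},
    ipcan_sessions=3,
    services_per_session={"s1": 2, "s2": 1, "s3": 1},
    bandwidth_kbps=1200,
    bearers=2,
    access_sequence=["3gpp", "wimax", "3gpp", "wimax", "3gpp"],
)

if __name__ == "__main__":
    found = evaluate_indicators(SAMPLE_STATUS, SAMPLE_THRESHOLDS)
    for name, detail in found:
        print(f"{name}: {detail}")
    print("decision:", decide(found))
```

For the constructed sample the evaluation reports three indicators (service overtime, the IP-CAN session cap and access churn) and the assumed policy therefore asks for re-authentication while holding further resource requests; a user with no indicator set is simply allowed to proceed. The point of keeping the thresholds in one structure is that they become subscription or policy data the PCRF can consult at decision time, which is exactly the dynamic input the text says current authentication methods lack.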
At present, the operator has no means, in these circumstances, to verify whether these activities by end-users should be considered a security threat or whether these activities can actually be authorized to proceed without risk to security or revenues.